File: 73_chkrootkit-fix-netstat-and-ss-tests.patch

package info (click to toggle)
chkrootkit 0.58b-3
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 7,612 kB
  • sloc: sh: 169,788; ansic: 10,726; makefile: 103
file content (82 lines) | stat: -rw-r--r-- 2,573 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Tue, 21 Feb 2023 18:36:54 +0000
Subject: chkrootkit: fix netstat and ss tests

Forwarded: yes
(forwarded by email, 12 mar 2023)

in tests that use netstat or ss
- use -n option to ss to keep port numbers numeric (otherwise
   ss may use service names
- chk_netstat_or_ss should set $netstat to the path so that $netstat
   can be influenced by -p like the other commands

in _chk_netstat_or_ss - prefer ss to netstat

in chk_netstat - for consistency, return NOT_FOUND rather than NOT_INFECTED if we did
 nit have netstat installed
---
 chkrootkit | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/chkrootkit b/chkrootkit
index 39e4eb5..5d8581b 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -107,7 +107,6 @@ slapper (){
    SLAPPER_PORT="0.0:2002 |0.0:4156 |0.0:1978 |0.0:1812 |0.0:2015 "
    _chk_netstat_or_ss;
    OPT="-an"
-   [ "${netstat}" = "ss" ] && OPT="-a"
    STATUS=0
    file_port=
 
@@ -136,7 +135,6 @@ scalper (){
    SCALPER_PORT=2001
    OPT="-an"
    _chk_netstat_or_ss;
-   [ "$netstat" = "ss" ] && OPT="-a"
    STATUS=0
 
    if ${netstat} "${OPT}" | ${egrep} "0.0:${SCALPER_PORT} "> /dev/null 2>&1; then
@@ -293,7 +291,6 @@ bindshell () {
 PORT="114|145|465|511|600|1008|1524|1999|1978|2881|3049|3133|3879|4000|4369|5190|5665|6667|10008|12321|23132|27374|29364|30999|31336|31337|37998|45454|47017|47889|60001|7222"
    OPT="-an"
    _chk_netstat_or_ss;
-   [ "$netstat" = "ss" ] && OPT="-a"
    PI=""
    if [ "${ROOTDIR}" != "/" ]; then
      echo "not tested"
@@ -1923,7 +1920,11 @@ NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/d
         expertmode_output "${strings} -a ${CMD}"
         return 5
     fi
-    [ "netstat" = ${CMD} ] && return ${STATUS}
+    if [ "netstat" = "${CMD}" ]; then
+				# if CMD is the non-path word 'netstat' only if netstat was not found
+				return "${NOT_FOUND}"
+		fi
+
     if ${strings} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
     >/dev/null 2>&1
     then
@@ -2736,7 +2737,6 @@ chk_tcpdump () {
    TCPDUMP_I_L="212.146.0.34:1963";
    _chk_netstat_or_ss;
    OPT="-an"
-   [ "${netstat}" = "ss" ] && OPT="-a"
    if ${netstat} "${OPT}" | ${egrep} "${TCPDUMP_I_L}"> /dev/null 2>&1; then
       STATUS=${INFECTED}
    fi
@@ -3138,9 +3138,8 @@ fi
 #
 _chk_netstat_or_ss()
 {
-    netstat="netstat"
-    CMD=`loc ss ss $pth`
-    [ ${?} -eq 0 ] && netstat="ss"
+    netstat=$(loc ss ss $chkrkpth)
+    [ ${?} -eq 0 ] || netstat=$(loc netstat netstat $chkrkpth)
 }
 
 for cmd in ${LIST}